I've been doing some reading on PHP security and I ran into a great question/article on SO: "Exploitable PHP functions".

There are a ton of interesting commands/functions that should never even be possible to run.

My question is... Does CI have any built-in protection/prevention against using any of the commands/functions found on this list?

If so, please point it out for me, I can't seem to find it.

If not, would it be possible to add to or create a CI core class for preventing some or all of the possibly exploitable commands?

It might sound a lil counterintuitive, but having CI dictate best practices seems to be a big part of its design... For example, the CSRF will break your form submission process if you don't set it up right... And that's built right in, but disabled...

Thanks, Peter

  • I think you missed the point of my list. A web application will be almost useless without this functionality, you just have to be careful how you use it. "With great power comes great responsibility". – rook Mar 04 '11 at 15:48
  • I get your point, I just wanted to make sure CI has some built-in functionality for the assistance in preventing novice developers from making these mistakes. – Peter Mar 04 '11 at 20:22

1 Answer

I think I got this answered. There seems to be a preg_replace looking for these commands on the input class @ line 763.

Please correct me if I am wrong.

Peter